I've checked many resources, and most of them claim the only way to fetch users media using an token is to create facebook app, add instagram, generate user token for yourself and fetch graph api. https://graph.instagram.com/me endpoint. Is there no other way to simply fetch user's media via official api by using access token and username?
Also, when I use /me endpoint, everything works. If I change it to /*myusername*, where I obviously put my username instead, it says that said object does not exist, cannot be loaded due to missing permissions, or does not support this operation.
So, no. If you want to use Instagram API to fetch regular( ie not business ) users' feed, you need to use Instagram Basic API.
Related
I want to make something like an instagram web viewer like http://www.imgrum.org
Now, when I open https://www.instagram.com/developer/
I see that instagram requires some authentication from every user to access their images, but I have never authorized imgrum, yet my images etc. are visible on imgrum.org. How are they doing it? Or am I misinterpreting instragram API documentation?
You don't need authentication from a specific user to access that specific user's public content via the API.
In order to access public Instagram content via the API, you just need to authenticate any single Instagram account.
Once you authenticate any Instagram account, you can, through the access token for that account, access most of the public Instagram content.
As a concrete example, here are 2 GET requests you can make with a single user access token:
1) Request recent images of the user whose access token you have.
https://api.instagram.com/v1/users/self/media/recent/?access_token=ACCESS-TOKEN
Note here the self: meaning the user whose access token is ACCESS-TOKEN.
2) Request recent images of any other user on Instagram with a public account.
https://api.instagram.com/v1/users/{user-id}/media/recent/?access_token=ACCESS-TOKEN
Note here the {user-id} in place of self: meaning you can enter any user-id for any public Instagram account. And also note that this request still requires an ACCESS-TOKEN, but that the user associated with the ACCESS-TOKEN does not have to be the same user associated with user-id.
This is all documented here:
https://www.instagram.com/developer/endpoints/users/
https://www.instagram.com/developer/authentication/
Update:
In order to make the 2nd API call I listed above to any {user-id}, you need the ACCESS-TOKEN (of the authenticated user) to include public-content as part of the scope. In order to get that, your app must be approved by Instagram.
I would like to upload a given file to Sharepoint. I'm using the Microsoft Graph API.
The documentation follows this workflow:
1. If no token, redirect the user to the Microsoft signin page.
2. The user is then redirected to the application, with an access token
3. Use access token to have an authorization bearer
4. Do what you gotta do...
My problem is the sign-in part. I don't want my users to be redirected to the Microsoft signin page. I want my application to connect and get the access token in the background (with cURL or whatever).
How can I do that? Why is the "open in browser" necessary?
I tried to replicate the sign-in process, but all I get back is the HTML response from the signin page.
Thanks in advance.
Your application act as a single-tenant service or daemon app.
The documentation about this scenario is here : https://developer.microsoft.com/en-us/graph/docs/authorization/app_only
The application must be registered in the AzureAD directory corresponding to the Office365 tenant
A first request is made by passing the application unique identifier and secret key as registered in the directory. This request returns an access token
The access token can now be used in the Authorization header of the following request to the Microsoft Graph API.
This method (of using Client ID and Secret) works well but there are other ways which may be better suited for similar scenarios.
The one major thing which is missing in access token generated this way is a user, meaning the token only contains the identity of the OAuth application (client) which called it but is not associated with any user for the request.
This could have a couple of implications:
Since the token is not associated with a specific user you will not know who performed the operation. In your example, you would not know who uploaded the file (and other similar information may be missing).
Access token without users will not work at all for some methods. For those, you need a delegated token.
Creating a delegated token requires some effort, if you are interested you can find the details in my article:
Getting Access Token for Microsoft Graph Using OAuth REST API
Trying to call the Docusign REST API to Delete/Close User. Passing XML as the documentation in Docusign accepts XML or JSON. But getting 400 status code. I can login using REST API fine. Have had several eyes look at Docusign documentation on the Delete in relation to what I'm passing in XML, but nothing has popped out as to why we are getting 400. Typically, that would mean your XML ... your request is not correct format. Is anyone having this issue with Delete/Close User? Any advice?
Please don't use legacy authentication as it's old and insecure.
You should be using OAuth and if you don't want to have to authenticate each user you can use JWT (JSON Web Token) which would require that you obtain consent for the app to impersonate the user (or any user) that they make API calls on their behalf.
You can find more information about how to use JWT Auth in this article on the DocuSign developer center.
Deleting a user using the REST API is done using this endpoint:
DEL
/restapi/v2.1/accounts/{accountId}/users
The body is a JSON with an array of one or more users to delete. The userId (GUID) is sufficient information to provide to delete a user.
I am currently creating an API (who isn't) however when I look for a way to use oAuth in the ways Facebook and twitter do to authenticate users trying to get data all i find is a way to get users permissions which I do not need, the idea of my implementation of oAuth is to authenticate the developer so when they make an API call the server knows who they are and what to serve them. I haven't tried any oAuth code because I haven't found node module that will help so far, however I can give background. I am using:
Mongoose, to query MongoDB
Express, for the HTTP Server
I do not explicitly want to use oAuth, I simply thought it was a good idea, I am open to any other way of doing things.
I think you should read the OAuth specification and to decide if one of the grant flows suits for your requirements. When user(developer) logs in you grant Access Token to him/her. Now on when user makes request to API the Access Token must be on HTTP request header, extracting that Access Token on back-end service from the request you can identify the user.
It is up to you what kind of information you store to DB from the user when she/he registers to your service. But all that information can be mapped with the Access Token that user gets after succesful login or stored inside the Access Token also.
I am uploading photos to Flickr in .NET project using Flickr.NET API Library (Flickr.NET CodePlex Link). Its working perfect. But for every request, Flickr asks my permission to authorize the app (check screenshot below):
My question: is there any way I authorize the app once for my whole life rather it asks for my permission for each photo to upload?
Once you have exchanged your request token for an access token, you can store the access token in your application's persistent memory and use the access token to make subsequent requests.